US-11962691

Systems, methods, and media for generating and using a multi-signature token for electronic communication validation

Published: April 16, 2024
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

Techniques are provided for generating and using a multi-signature token for electronic message validation according to the one or more embodiments as described herein. Specifically, a multi-signature token may be generated that includes at least two digital signatures and information (e.g., user information). Each of the at least two digital signatures may be generated using a private key of at least two key pairs that are maintained on a plurality of keystores that have at least two different implementations (e.g., security protocols). If the at least two digital signatures are valid, the multi-signature token may be determined to be valid and the client request may optionally be performed. If at least one of the at least two digital signatures is invalid, the client request is optionally not performed.
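The validation rule in the abstract, sketched as an added example (not code from the patent or from this page). It assumes Ed25519 and ECDSA P-256 as the two schemes, both named in claim 5; the in-memory keys stand in for the two differently protected keystores, and the `Token` layout and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token: user information plus one signature per keystore (layout is hypothetical).
type Token struct{ Info, SigEd, SigEC []byte }

// NewKeys stands in for two separately protected keystores, one key pair each.
func NewKeys() (ed25519.PrivateKey, *ecdsa.PrivateKey) {
	_, ed, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return ed, ec
}

// Issue signs the same user information with both private keys.
func Issue(ed ed25519.PrivateKey, ec *ecdsa.PrivateKey, info []byte) Token {
	d := sha256.Sum256(info)
	sigEC, err := ecdsa.SignASN1(rand.Reader, ec, d[:])
	if err != nil {
		panic(err)
	}
	return Token{info, ed25519.Sign(ed, info), sigEC}
}

// Valid needs only the public keys and accepts the token only if both signatures verify.
func Valid(edPub ed25519.PublicKey, ecPub *ecdsa.PublicKey, t Token) bool {
	d := sha256.Sum256(t.Info)
	return ed25519.Verify(edPub, t.Info, t.SigEd) && ecdsa.VerifyASN1(ecPub, d[:], t.SigEC)
}

func main() {
	ed, ec := NewKeys()
	t := Issue(ed, ec, []byte(`{"user":"u-123","resources":["r1"]}`)) // constructed sample
	fmt.Println("valid:", Valid(ed.Public().(ed25519.PublicKey), &ec.PublicKey, t))
}
```

Because `Valid` requires both checks to pass, a token signed with only one of the expected keys is rejected, which is the property the different keystore implementations are meant to protect.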

Patent Claims
6 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 2

Original Legal Text

2. The computerized method of claim 1, wherein the user information is assigned to a user that issues the user request and the user information includes one or more of a user identifier of the user, a business context of the user, and resource information indicating one or more resources that are accessible by the user.

Plain English Translation

This invention relates to a computerized method for managing user access to resources in a system. The method addresses the problem of efficiently associating user information with user requests to determine appropriate access permissions and resource availability. The method involves assigning user information to a user who issues a request, where the user information includes at least one of a user identifier, a business context of the user, or resource information indicating resources accessible by the user. The user identifier uniquely identifies the user within the system, while the business context provides additional details about the user's role, department, or organizational affiliation. The resource information specifies which resources the user is authorized to access, ensuring that only permitted resources are retrieved or processed in response to the request. This approach enhances security and streamlines access control by dynamically linking user attributes with available resources, reducing the need for manual permission checks and improving system efficiency. The method can be integrated into various systems requiring secure and context-aware resource management, such as enterprise applications, cloud services, or multi-user environments.

Claim 5

Original Legal Text

5. The computerized method of claim 1, wherein the first asymmetric key pairs and the second asymmetric key pairs are generated using a digital signature scheme that includes one of a Digital Signature Algorithm (DSA), an Elliptic Curve Digital Signature Algorithm (ECDSA), an Edwards-curve Digital Signature Algorithm (EdDSA), a Rivest-Shamir-Adleman (RSA) algorithm, an ELGamal signature scheme, or a Schnoor signature algorithm.

Plain English Translation

This invention relates to a computerized method for generating and managing asymmetric key pairs in cryptographic systems. The method addresses the need for secure and efficient key generation in digital signature schemes, ensuring robust authentication and data integrity in communication protocols. The method involves creating first and second sets of asymmetric key pairs, where each key pair consists of a public key and a private key. These key pairs are generated using a digital signature scheme selected from a group of well-established cryptographic algorithms, including the Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), Edwards-curve Digital Signature Algorithm (EdDSA), Rivest-Shamir-Adleman (RSA) algorithm, ElGamal signature scheme, or Schnorr signature algorithm. The choice of algorithm depends on the specific security requirements and computational constraints of the application. The generated key pairs are then used to sign and verify digital signatures, ensuring secure authentication and message integrity in various cryptographic applications. The method supports multiple signature schemes, allowing flexibility in deployment across different systems and security standards. This approach enhances cryptographic security by leveraging proven algorithms while accommodating diverse operational environments.

Claim 8

Original Legal Text

8. The computerized method of claim 1, wherein the first security implementation is a first security protocol used to protect the first keystore which generate the first asymmetric key pair and the second security implementation is a second security protocol used to protect the second keystore which generates the second asymmetric key pair, and wherein the first security protocol and the second security protocol are different.

Plain English Translation

This invention relates to a computerized method for managing asymmetric key pairs using distinct security protocols to protect different keystores. The method addresses the challenge of securing cryptographic keys in environments where varying security requirements exist, such as in multi-tenant systems or hybrid cloud architectures. The solution involves generating a first asymmetric key pair within a first keystore protected by a first security protocol, and a second asymmetric key pair within a second keystore protected by a second security protocol. The first and second security protocols are different, allowing for tailored security measures based on the specific needs of each keystore. For example, one keystore may use hardware-based security (e.g., a hardware security module) while the other employs software-based encryption. This approach ensures that keys are stored and managed according to their respective security requirements, enhancing overall system security. The method may also include steps for key generation, storage, and retrieval, ensuring that each keystore operates independently with its own security measures. This flexibility is particularly useful in scenarios where different regulatory or compliance standards must be met for different sets of keys.

Claim 10

Original Legal Text

10. The system of claim 9, wherein the user information is assigned to a user that issues the user request and the user information includes one or more of a user identifier of the user, a business context of the user, and resource information indicating one or more resources that are accessible by the user.

Plain English Translation

This invention relates to a system for managing user access to resources in a computing environment. The system addresses the challenge of efficiently authenticating users and determining their authorized access rights based on contextual information. The system includes a request processing module that receives a user request for access to a resource. The system also includes a user information module that assigns user information to the user issuing the request. This user information includes a user identifier, a business context of the user, and resource information indicating the resources accessible by the user. The business context may include details such as the user's role, department, or organizational unit, which helps determine the appropriate access permissions. The resource information specifies which resources the user is authorized to access, ensuring that access is granted only to permitted resources. The system further includes an access control module that evaluates the user information against predefined access policies to determine whether the user request should be granted or denied. This ensures secure and context-aware access control in a computing environment.

Claim 13

Original Legal Text

13. The system of claim 9, wherein the first asymmetric key pairs and the second asymmetric key pairs are generated using a digital signature scheme that includes one of a Digital Signature Algorithm (DSA), an Elliptic Curve Digital Signature Algorithm (ECDSA), an Edwards-curve Digital Signature Algorithm (EdDSA), a Rivest-Shamir-Adleman (RSA) algorithm, an ELGamal signature scheme, or a Schnoor signature algorithm.

Plain English Translation

This invention relates to a cryptographic system for secure communication, addressing the need for robust key generation and management in digital signature schemes. The system generates and manages asymmetric key pairs for multiple parties, ensuring secure authentication and data integrity. The key pairs are created using a digital signature scheme selected from a set of well-known cryptographic algorithms, including the Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), Edwards-curve Digital Signature Algorithm (EdDSA), Rivest-Shamir-Adleman (RSA) algorithm, ElGamal signature scheme, or Schnorr signature algorithm. These algorithms provide varying levels of security and efficiency, allowing the system to adapt to different performance and security requirements. The system ensures that each party involved in the communication process has a unique set of asymmetric key pairs, which are used to sign and verify digital signatures, preventing unauthorized access and tampering. The use of these standardized algorithms ensures compatibility with existing cryptographic infrastructure while maintaining high security standards. The system may be applied in various secure communication protocols, including but not limited to secure messaging, digital transactions, and authentication systems.

Claim 16

Original Legal Text

16. The system of claim 9, wherein the first security implementation is a first security protocol used to protect the first keystore that generates the first asymmetric key pair and the second security implementation is a second security protocol used to protect the second keystore that generates the second asymmetric key pair, and wherein the first security protocol and the second security protocol are different.

Plain English Translation

This invention relates to a cryptographic system that uses multiple security protocols to protect different keystores generating asymmetric key pairs. The system addresses the challenge of securing cryptographic operations by isolating key generation processes under distinct security protocols, enhancing resistance to attacks targeting a single security mechanism. The system includes a first keystore protected by a first security protocol, which generates a first asymmetric key pair, and a second keystore protected by a second security protocol, which generates a second asymmetric key pair. The first and second security protocols are different, ensuring that a compromise of one protocol does not automatically compromise the other. This approach improves security by diversifying the protection mechanisms for cryptographic keys, reducing the risk of large-scale breaches. The system may also include a key management module that coordinates the use of these keys, ensuring secure interactions between the keystores and other system components. The invention is particularly useful in environments requiring high-security cryptographic operations, such as financial transactions, secure communications, or identity verification systems. By employing distinct security protocols for different keystores, the system provides a robust defense against attacks that exploit vulnerabilities in a single security mechanism.

Patent Metadata

Filing Date

June 14, 2023

Publication Date

April 16, 2024

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Systems, methods, and media for generating and using a multi-signature token for electronic communication validation” (US-11962691). https://patentable.app/patents/US-11962691